On Fri, 2010-05-14 at 22:01 +0200, Spud. Ivan. wrote:
>
>
> Hi,
>
>
>
> I'm trying to insert a serialized data into mysql, but I does
> mysql_real_escape_string() before inserting it.
>
>
>
> INSERT IGNORE INTO `table` (`value`) VALUES
> ('a:3:{s:12:"F1";s:6:"nombre";s:11:"F2";s:5:"F3";s:16:"F4";s:10:"F5";}');
>
>
>
> it result in
>
> INSERT IGNORE INTO `table` (`value`) VALUES
> (\'a:3:{s:12:\"F1\";s:6:\"nombre\";s:11:\"F2\";s:5:\"F3\";s:16:\"F4\";s:10:\"F5\";}\');
>
>
>
> and of course it's not a valid SQL sentence.
>
>
>
> Why can't I escape an SQL value with " ???
>
>
>
> Regards.
>
>
>
> I.Lopez.
>
>
>
>
>
> _________________________________________________________________
> ¿Quieres conocer trucos de Windows 7? ¡Los que ya lo usan te los cuentan!
> http://www.sietesunpueblodeexpertos.com/index_windows7.html
It appears that you're performing the mysql_real_escape_string on the
entire query, and not the variables you're using in your query, hence
the single quotes that denote an SQL string being escaped.
Thanks,
Ash
http://www.ashleysheridan.co.uk
